var mysql = require('mysql');

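/**
 * Connection settings for the escape()/escapeId() demo below.
 *
 * Each setting can be overridden through an environment variable so that
 * real credentials never have to be committed with the script. The literal
 * fallbacks are the original demo values; a root account with a trivial
 * password is acceptable only on a throwaway local instance.
 */
var connection = mysql.createConnection({
	host: process.env.MYSQL_HOST || 'localhost',
	// Number('') and Number(undefined) are falsy/NaN, so the demo port is kept.
	port: Number(process.env.MYSQL_PORT) || 3306,
	database: process.env.MYSQL_DATABASE || 'test',
	user: process.env.MYSQL_USER || 'root',
	password: process.env.MYSQL_PASSWORD || '123456'
});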


// escape() quotes a value so that it can be embedded as a SQL literal.
// It protects values only; table and column names need escapeId() instead.
const titleLiteral = connection.escape("Hello MySQL");
const titleQuery = `select * from posts where title=${titleLiteral}`;
console.log(titleQuery);
// select * from posts where title='Hello MySQL'




// connection.query('insert into posts set ?', {id: 1, title: 'Hello mysql'});

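// Named placeholders such as :title are not built in; they only work when the
// connection is configured with a custom queryFormat function.
// connection.query('update posts set title = :title', {title: 'Hello nodejs'});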

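// Check that userId is a string or a number before binding it: an object bound
// to `?` is expanded into `key` = value pairs instead of one literal (the
// stringifyObjects connection option turns that expansion off).
// connection.query('select * from users where id = ?', [userId]);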

// `??` is the placeholder for identifiers, `?` the placeholder for values.
// connection.query('select * from ?? where id = ?', ['users', userId]);




/*
	escapeId() -- escapes any SQL identifier (table or column name) that
	comes from user input.
	connection.escapeId(identifier);

	Escaping makes the name syntactically safe; it does not restrict which
	column is chosen. For a user-controlled sort key, also check the name
	against an allow-list of sortable columns.
*/
const sortColumn = 'date';
const escapedSortColumn = connection.escapeId(sortColumn);
const orderByQuery = `select * from posts order by ${escapedSortColumn}`;
console.log(orderByQuery);
//select * from posts order by `date`


// A qualifier can be used in the identifier argument; as the output below
// shows, each dot-separated part is escaped on its own.
// NOTE(review): a dot inside user input is therefore read as a qualifier
// separator too. escapeId(identifier, true) keeps dots inside a single
// identifier -- confirm against the mysql version in use.
const columnName = 'date';
const qualifiedColumn = `posts.${columnName}`;
const qualifiedOrderByQuery = `select * from posts order by ${connection.escapeId(qualifiedColumn)}`;
console.log(qualifiedOrderByQuery);
// select * from posts order by `posts`.`date`